Ethereal-users: Re: [Ethereal-users] Ethereal Capture Filters and Display Filters

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Fri, 1 Aug 2003 14:01:47 -0700

On Friday, August 1, 2003, at 7:13 AM, Rajan, Ramesh (CONS FIN) wrote:
I am a first time user to sniffers. I was given ethereal and some knowledge on it and asked to collect sniffer data for HTTP Traffic and Java RMI traffic. I was able to collect only TCP traffic but unable to write filter strings for HTTP traffic and JAVA RMI.
There are no capture filters for HTTP or Java RMI; capture filters don't work above the transport layer header. To filter on HTTP traffic, you could do "tcp port 80", but you might also want port 8080 and any other ports on which HTTP traffic might be sent - but it'll get captured if it's to or from those ports, regardless of whether it's HTTP traffic or not, and it won't capture HTTP traffic that's not to or from those ports. Similarly, you could do "tcp port 1099" to capture Java RMI traffic - but it'll capture traffic to or from that port, regardless of whether it's Java RMI traffic or not.
The display filter for HTTP is "http", and the display filter for Java RMI is "rmi".